On Wed, Sep 26, 2018 at 04:07:33PM +0100, Joe wrote:
> You're only moving the problem around. Some completely standard piece of code *somewhere* has to know what is the right place to insert such a rule. I'll give you an example: neither the beginning nor the end of my INPUT chain is the right place, because I do some catch-all stuff about RELATED and INVALID at the beginning of the chain, and some assorted logging at the end. I don't want anything placed before or after those parts. In fact, the right place for my server firewall isn't in the INPUT chain at all, but in one of a few custom chains.

Exactly, it would not be worth attempting to support meshing your setup with the system I sketched out. This is exactly the situation where I'd say you go it alone instead, exactly as you do now.

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.

